Man-in-the-Middle Vulnerability in IBM Tivoli Identity Manager and Security Identity Manager
CVE-2014-6108

5.9MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
20 April 2018

Summary

An unencrypted connection in IBM Tivoli Identity Manager and Security Identity Manager can be exploited by attackers to intercept sensitive data. This flaw exists in multiple versions of the software, where improper handling of secured interfaces allows the potential for sensitive information leakage, making it crucial for organizations using affected products to implement immediate security measures to protect their systems.

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.